Sites like Radaris, SocialCatfish, VoterRecords.com, Persopo, PeekYou, and WhitePages.com scrape the internet for the personal information of as many people as they can find, plus buy it in bulk from other sources. Then they post it online and sell it to anyone who wants to know about you. This is legal (though there are a lot of gray areas), but the net result is that a shocking amount of personal data is available about us online. Most of these sites will remove your data if you ask—but they don’t make it easy. Plus you have to ask each of them individually, and to do that, you have to know who they are in the first place.
We automate the opt-out process on these sites, first finding your exposed profiles, and then removing your information from both the public internet and the datasets they sell. Because there are hundreds of such sites, it’s impractical to manage all this on your own. Software, however, can manage it nicely. We’ve written that software.
This helps protect you from identity theft, phishing, hacking, spamming, doxing, and more. People search sites are used not only by identity thieves, but by phishers and hackers who craft convincing emails referencing non-obvious personal details as a way to build trust and trick you or those close to you into letting your guard down.
We arrived at this problem from two opposite directions. Two of us worked in the data broker industry in the past, but as we learned more about what this data actually gets used for, and the harms it can cause, we decided to leave. We had a lot of inside knowledge about how the industry worked and decided to use that knowledge to help people learn more about the problem and address it head on.
The other thing that happened was that I was a victim of identity theft. The thieves were able to open new accounts in my name by creating a fake ID and then piecing together information to bypass verification questions like “In which of the following cities have you never lived or used in your address?” or “Which of the following streets has a current or former association with you?” I found it was nearly impossible to remove myself from the Byzantine ecosystem of data brokers posting and selling his info online. Once the dust had cleared, we began discussing approaches to automating opt out and removal requests and Optery was born.
The problem is hard to solve for two reasons. First, there are so many data brokers, each with their own nuances and distinct processes for opt outs. So far we’ve built custom opt out processes for over 200 data brokers. Second, most U.S. citizens actually still have few legal rights to data privacy. Optery is only for U.S. residents for the time being, and this is one main reasons—the problem is at its worst here.
This is changing as new privacy laws are starting to get passed at the state level (e.g. in California, Nevada, and Virginia), but as of this writing the majority of U.S. citizens don’t even have a legal right to opt out of their personal information being posted and sold online, and in our experience, about 5% of data brokers simply do not comply with opt out requests. In these cases we file formal complaints to the FTC and state AG offices, and we recommend you do the same. They are slow to act on these complaints unfortunately, but at least the wheels are in motion, and we believe this issue will eventually get taken care of as more people become aware of the problem. In the meantime, we continue to send opt out requests regardless, and are able remove personal data from the other 95%.
One nuance of the opt-out process, which existing services tend not to handle correctly, is that you should avoid sending an opt out request to a data broker unless you are reasonably sure that the provider has your data in the first place. Otherwise you’re giving them information about you, when what you want is just the opposite! Some other services just take a long list of [email protected] email addresses for every data broker they can find, and then blast out generic opt out requests containing all of your identifying information, regardless of whether or not the data broker even has your information to begin with.
But the Achilles’ heel of these sites is that they rely heavily on the open web for marketing: SEO, affiliate programs, and paid search ads. Therefore they mostly support HTTP GET requests in standardized formats to reach individual people’s profiles, e.g. https://www.data-broker.com/person? firstName=george&lastName=orwell&city=new-york&state=NY.
We take advantage of this to find out which providers have you in their database first, before invoking the formal opt-out. These HTTP requests require less information than the formal opt-out processes do, plus are buried inside of the millions of other search requests that are happening through their open web marketing channels (e.g. paid search affiliate, SEO, etc). We’ve been able to find many more exposed profiles this way than the more old-fashioned approaches other services use such as manual searches and the bulk “spray and pray” emails. Also, it lets us provide our users with a dashboard full of these links they can use to discover and verify what’s out there on them. Many people prefer to submit opt out requests on their own, or are already working with a different removal service; in those cases, our dashboard can be used to double-check and verify that work. Visibility and transparency is rarely available to consumers in the world of personal data, so when we demo the product to people who care about their data privacy, it’s often a "wow" moment.
A common question we get is “And what about you? Why should I trust you to collect my data any more than these shady outfits?” To be clear, we do not sell data. We are not a data broker, and do not have any financial relationship or any affiliation with any data broker. If you are looking at an information removal service, research the company carefully. Many other services have deep ties into the data broker industry through affiliate partnerships, data sharing arrangements, and financial relationships. We do not. More on that here: https://www.optery.com/privacy-policy/. You can delete your account at any time and all information we hold about you will be destroyed.
Unfortunately, there is a catch-22 where in order to opt out of people-search sites, you must first tell them who you are (otherwise, how else would they know who to opt out!). To create an Optery account, we require only the minimum amount of information necessary for this, which is: First Name, Last Name, Year of Birth, Current City, and Current State. For most people, this is no more information than what is already publicly available online. We also offer users the option to give us more precise details (such as a full birth date rather than just birth year, past addresses, etc.) because this can increase the accuracy of locating profiles at data brokers and opt outs. This is entirely optional though. The only required info is the absolute minimum, without which there would be no point in creating an account, because we would not be able to find or remove you.
We have a freemium model. When someone creates an account, we send them a free Exposure Report with ~70 screen shots of where they’ve been found, which lets them see where their personal details are posted online and being exploited by data brokers. From there, they can decide if they’d like to use our free tools to submit opt out requests on their own self-service, or they can upgrade to a paid tier and we’ll remove the profiles for them.
We launched Optery as a Show HN last year (https://news.ycombinator.com/item?id=27662114) and the feedback from the community was enormously helpful. We prioritized a bunch of features like adding MFA, expanding our list of data brokers, streamlining UX, and clarifying our privacy terms and practices, all based on feedback from our Show HN. We’d love to hear your thoughts on the current iteration!